U.S. Department of the Interior 
PRIVACY IMPACT ASSESSMENT 





Introduction 


The Department of the Interior requires PIAs to be conducted and maintained on all IT systems 
whether already in existence, in development or undergoing modification in order to adequately 
evaluate privacy risks, ensure the protection of privacy information, and consider privacy 
implications throughout the information system development life cycle. This PIA form may 
not be modified and must be completed electronically; hand-written submissions will not be 
accepted. See the DOI PIA Guide for additional guidance on conducting a PIA or meeting the 
requirements of the E-Government Act of 2002. See Section 6.0 of the DOI PIA Guide for 
specific guidance on answering the questions in this form. 


NOTE: See Section 7.0 of the DOI PIA Guide for guidance on using the DOI Adapted PIA 
template to assess third-party websites or applications. 


Name of Project: Government Retirement Benefits (GRB) 
Bureau/Office: Office of the Secretary 

Date: September 30, 2021 

Point of Contact 

Name: Danna Mingo 

Title: DOI Departmental Offices Associate Privacy Officer 
Email: os_privacy@ios.doi.gov 

Phone: (202) 441-5504 

Address: 1849 C Street NW, Room 7112, Washington, DC 20240 


Section 1. General System Information 
A. Is a full PIA required?


[X] Yes, information is collected from or maintained on:
[ ] Members of the general public
[X] Federal personnel and/or Federal contractors
[ ] Volunteers
[ ] All


[ ] No:


B. What is the purpose of the system? 
The Government Retirement Benefits (GRB) system is a Federal retirement
administration Software as a Service (SaaS) web-based automated system used by the U.S.
Department of the Interior (DOI) Human Resource (HR) Line of Business (HRLoB) for
retirement and benefits calculations.
GRB is a subscription-based, self-service application with a suite of tools used for
assisting HR Specialists to perform accurate service computation date calculations,
service computation for leave, service history, full estimate on retirement, deposits for
military and civilian time, re-deposits for civilian time, severance pay, disability
retirement calculations, and death benefit estimates. The GRB platform includes the
following features: Reports/Estimates, Forms, Documents, and the Electronic Retirement
Application Package.


GRB increases productivity within the Benefits Office by helping the benefits specialist 
formulate and produce a retirement summary report for an employee which eliminates 
manual calculation errors. GRB also assists HR benefit specialists to provide advisory 
services to DOI and bureau/office employees. 


Each bureau has its own instance of GRB and is responsible for complying with
Federal and Departmental legal and policy requirements. The bureaus and offices using
the GRB system include: Bureau of Reclamation (BOR), Bureau of Safety and
Environmental Enforcement (BSEE), National Park Service (NPS), United States
Geological Survey (USGS), Office of Surface Mining Reclamation and Enforcement
(OSMRE), and Interior Business Center (IBC).


C. What is the legal authority?


5 U.S.C. Chapter 83, Retirement; 5 U.S.C. Chapter 84, Federal Employees’ Retirement
System (FERS); 5 U.S.C. 1302, Regulations; 5 U.S.C. 2951, Reports to the Office of
Personnel Management; 5 U.S.C. 2954, Information to committees of Congress on
request; 5 U.S.C. 3301, Civil Service; generally; 5 U.S.C. 3372, General Provisions;
5 U.S.C. 4118, Regulations; 5 U.S.C. 8339, Computation of annuity; 5 U.S.C. 8347,
Administration; regulations; 5 U.S.C. 8415, Computation of basic annuity; Executive
Order 9397, as amended by Executive Order 13478, relating to Federal agency use of
Social Security numbers; Public Law 101-576 (Nov. 15, 1990); Executive Order 9830,
Amending the Civil Service Rules and providing for Federal personnel administration;
Executive Order 12107, Relating to the Civil Service Commission and labor-management
in the Federal Service; 5 CFR Part 831, Retirement; 5 CFR Part 841, Federal
Employees Retirement System - General Administration; 5 CFR Part 842, Federal
Employees Retirement System - Basic Annuity; 5 CFR Part 843, Federal Employees
Retirement System - Death Benefits and Employee Refunds; 5 CFR Part 844, Federal
Employees Retirement System - Disability Retirement; 5 CFR Part 845, Federal
Employees Retirement System - Debt Collection; and the Civil Service Retirement System
(CSRS) and FERS Handbooks.
D. Why is this PIA being completed or modified?


[X] New Information System - PIA was never documented
[ ] New Electronic Collection

[ ] Existing Information System under Periodic Review

[ ] Merging of Systems

[ ] Significantly Modified Information System

[ ] Conversion from Paper to Electronic Records

[ ] Retiring or Decommissioning a System

[ ] Other: Describe


E. Is this information system registered in CSAM?
[X] Yes:


The UII code for GRB is 010-000002821; Government Retirement Benefits (GRB) System
Security and Privacy Plan.


[ ] No:


F. List all minor applications or subsystems that are hosted on this system and
covered under this privacy impact assessment.


Subsystem Name    Purpose    Contains PII (Yes/No)    Describe (If Yes, provide a description.)
None              None       No                       N/A

G. Does this information system or electronic collection require a published Privacy
Act System of Records Notice (SORN)?


[X] Yes:


Records in GRB are maintained under the following SORNs.
• INTERIOR/DOI-85, Payroll, Attendance, Retirement, and Leave Records, 83 FR
  34156 (July 19, 2018)
• OPM/GOVT-1, General Personnel Records, 77 FR 73694 (December 11, 2012);
  modification published at 80 FR 74815 (November 30, 2015)


These SORNs may be viewed on the DOI SORN website at 
https://www.doi.gov/privacy/sorn. 
[ ] No


H. Does this information system or electronic collection require an OMB Control 
Number? 


[ ] Yes:
[X] No


Section 2. Summary of System Data 


A. What PII will be collected? Indicate all that apply. 


[X] Name

[X] Gender

[X] Birth Date

[X] Marital Status

[X] Truncated SSN

[X] Spouse Information

[X] Social Security Number (SSN)
[X] Personal Cell Telephone Number
[X] Child or Dependent Information
[X] Employment Information

[X] Military Status/Service

[X] Mailing/Home Address

[X] Other:


Benefits Specialists manually enter data into GRB from the Federal Personnel and Payroll
System (FPPS) and the Electronic Official Personnel Folder (eOPF). FPPS is DOI’s
personnel and payroll system for employment and compensation data. The eOPF retains
personnel documents for each employee’s entire Federal service. GRB uses only the PII
required to respond to employee requests and accurately compute calculations/estimates,
including name, date of birth, home address, personal and work email address, personal
telephone number, Social Security number (SSN), health/life insurance enrollment
information, retirement contribution information, leave hours, tax status, salary, military
status/service information, and service computation date (SCD). An HR Benefits
Specialist may require an employee to provide the last four digits of their SSN for
common-name identification purposes only. Child or dependent information may be
required in instances of employee death in service; however, a dependent’s SSN is not
required to produce an estimate calculation.
B. What is the source for the PII collected? Indicate all that apply.


[X] Individual

[ ] Federal agency

[ ] Tribal agency

[ ] Local agency

[X] DOI records

[ ] Third party source
[ ] State agency

[X] Other: Describe


GRB is not connected to any other system. FPPS and eOPF data are manually entered into
the GRB system to calculate employee retirement benefits.


C. How will the information be collected? Indicate all that apply. 


[X] Paper Format

[X] Email

[X] Face-to-Face Contact

[X] Web site

[ ] Fax

[X] Telephone Interview

[ ] Information Shared Between Systems Describe
[X] Other:


FPPS and eOPF data are manually entered into the GRB system to calculate employee
retirement benefits. Employees can request their retirement annuity information through
email, telephone, or face-to-face contact with their HR Benefits Specialists.


Paper Format
DOI employees must complete Office of Personnel Management (OPM) forms and
submit them to their Bureau/Office Benefits Specialist for calculation of their retirement
and benefits estimates. These forms include, but are not limited to:
• Standard Form (SF) 2801, Application for Immediate Retirement (Civil
  Service Retirement System (CSRS))
• SF 3107, Application for Immediate Retirement (Federal Employees
  Retirement System)
• SF 2818, Continuation of Life Insurance Coverage (As an Annuitant or
  Compensationer), Federal Employees’ Group Life Insurance (FEGLI) Program


In addition to the above forms, employees may be required to complete bureau-specific 
forms including the BOR MP-952, Request for Retirement Annuity Estimate. 


DOI employees also submit their W-4P, Withholding Certificate for Pension or Annuity 
Payments, to the Benefits Specialists which is used for the calculations and estimates. 


Website

HR Benefits Specialists enter employee information manually into the bureau/office
instance of GRB for retirement benefits and annuity calculations. HR Benefits
Specialists redact or encrypt PII prior to emailing the computation estimates to the
intended annuitant or their beneficiaries.


D. What is the intended use of the PII collected?


GRB uses PII such as the SSN to identify employees and to create a profile in order to
maintain service information and generate service computation date and retirement
estimate reports. An HR Benefits Specialist may ask an employee to provide the last four
digits of their SSN for common-name identification purposes only.


PII is used to perform service computation date calculations, service computation for
leave, service history, full estimate on retirement, deposits for military and civilian time,
re-deposits for civilian time, severance pay, disability retirement calculations, and death
benefit estimates, and to respond to requests from employees and provide retirement and
benefit estimates and calculations.


E. With whom will the PII be shared, both within DOI and outside DOI? Indicate all
that apply.


[X] Within the Bureau/Office:


PII is not shared with the HR Information Systems office. Bureaus/offices have access to
their employee data and are responsible for managing their instance of the system.


Data is shared with each Bureau and Office by HR Benefits Specialists to assist bureau/ 
office employees with their retirement and benefit estimate or current calculations. 
[X] Other Bureaus/Offices:


Final retirement annuity computations and estimates are provided to IBC for processing
in FPPS. Retirement packages, which include forms downloaded from GRB, are mailed to
IBC and forwarded to OPM for completion. GRB data is not shared between bureaus and
offices, as each bureau/office maintains its own instance of the system to provide
services to its employees.


[X] Other Federal Agencies:

Information on the standard forms sent to OPM is used to qualify a retiree for health
insurance, life insurance, and their retirement annuity. Information may be shared with
other Federal agencies as authorized in the routine uses outlined in the INTERIOR/
DOI-85, Payroll, Attendance, Retirement and Leave Records and OPM/GOVT-1, General
Personnel Records, SORNs.


[ ] Tribal, State or Local Agencies:
[X] Contractor:


Government Retirement and Benefits Incorporated is on contract to provide system 
operations and maintenance only. PII data is not shared with GRB Incorporated. 


[ ] Other Third Party Sources:


F. Do individuals have the opportunity to decline to provide information or to consent 
to the specific uses of their PII? 


[X] Yes:


Retirement calculations are performed in GRB at the employee’s request; thus, consent is 
provided when employees voluntarily submit forms and requests for retirement annuity 
calculations and estimates. Retirement estimates cannot be calculated without consent to 
access this data. Each bureau may have their own processes for collecting PII from their 
employees requesting retirement annuity calculations. 


[ ] No:


G. What information is provided to an individual when asked to provide PII data?
Indicate all that apply. 


[X] Privacy Act Statement:


The required OPM forms contain Privacy Act Statements. Privacy Act Statements are 
provided on bureau/office forms that are used for the retirement calculation. 


[X] Privacy Notice:


HR Benefits Specialists verbally provide notice to employees during retirement 
counseling sessions. Privacy notice is also provided through the publication of this 
privacy impact assessment, and the published INTERIOR/DOI-85, Payroll, Attendance, 
Retirement and Leave Records, and OPM/GOVT-1, General Personnel Records, SORNs 
which may be viewed at https://www.doi.gov/privacy/sorn. 





[X] Other:


The GRB Platform website displays a warning banner that states all users are subject to 
monitoring, and there is no expectation of privacy during the use of the system. A Terms 
of Service Agreement is also available on the GRB Platform website. 


[ ] None


H. How will the data be retrieved? List the identifiers that will be used to retrieve 
information (e.g., name, case number, etc.). 


HR Benefits Specialists manually enter data obtained from FPPS and eOPF into the GRB
system. FPPS is DOI’s system of record for employment and compensation data. The
eOPF retains personnel documents for an employee’s Federal service. Only the pertinent
PII necessary to accurately compute calculations/estimates is used, such as name, date
of birth, home and work address, personal and work telephone numbers, and full and
truncated SSNs as necessary.


Each bureau has its own process for retrieving data to generate reports. After
information input into GRB is complete and while the employee profile is open, GRB
generates automatic reports, which can be downloaded by the HR Benefits Specialist to be
shared with the requesting employee only. Retirement estimates are maintained in GRB.
I. Will reports be produced on individuals?
[X] Yes:


The system generates reports for Service and Retirement computations only. The 
estimate is shared with the employee that made the request. Each bureau has a unique 
process for retrieving data to generate reports. 


The report that is generated by GRB is uploaded into eOPF as supporting data for service 
computation dates and retirement estimates. The retirement estimate report is placed in 
the requesting employee’s retirement file. A copy of the file is typically retained for one 
(1) year, then destroyed. 


[ ] No


Section 3. Attributes of System Data 


A. How will data collected from sources other than DOI records be verified for 
accuracy? 


Information is provided by employees through standard forms. Employees verify the
accuracy and completeness of estimates provided to them by their HR Benefits Specialist.


DOI’s FPPS and eOPF systems are the official systems of record for DOI and bureaus to
maintain employee personnel and pay records; they are therefore presumed to be accurate
and are the only data sources used in GRB for calculating estimated employee retirement
annuity benefits. FPPS performs regular data validation to ensure accurate information.

eOPF is operated by OPM and provides official documentation of Federal service from
other agencies outside DOI.


HR Benefits Specialists also routinely update Federal service information changes for
employees in the FPPS system.
B. How will data be checked for completeness?


Benefits Specialist staff members or assistants thoroughly review and document each 
employee’s personnel actions within FPPS and eOPF before data is manually entered into 
GRB. Data is also checked for completeness within FPPS prior to being entered into 
GRB. Information is routinely updated as Federal service information changes for 
employees. Verification of GRB records is required prior to generating reports. 


C. What procedures are taken to ensure the data is current? Identify the process or
name the document (e.g., data models).


FPPS and eOPF store current and historical employment information documenting the 
employee’s entire Federal service. The Benefits Specialist or staff members manually 
enter the information requested for each GRB field. Information in the system is 
routinely compared to other HR systems such as FPPS and eOPF to verify accuracy. The 
retirement estimate scenarios are projections of retirement benefits in the future. The 
employee reviews the projections for accuracy and completeness. 


When an employee requests a “new” or revised estimate, the HR point of contact or 
Benefits Specialist reviews all the necessary records and updates or adjusts as necessary 
based on findings. 


D. What are the retention periods for data in the system? Identify the associated
records retention schedule for the records in this system.


GRB records are maintained under the Departmental Records Schedule (DRS) 1.2.0004 -
Short-Term Human Resources Records (DAA-0048-2013-0001-0004), which is approved
by the National Archives and Records Administration (NARA). These records are only
for estimated employee retirement benefits. Records are cut off on employee separation
or transfer. An estimate file can be re-created for an employee whenever required or upon
retirement. Records are destroyed 3 years after cut-off; this disposal authority applies to
all DOI bureaus and offices.


E. What are the procedures for disposition of the data at the end of the retention
period? Where are the procedures documented?


When approved for destruction, paper records are disposed of by shredding or pulping,
and records contained on electronic media are degaussed or erased in accordance with
NARA guidelines and Departmental policy using the DI 1941 processes.
F. Briefly describe privacy risks and how information handling practices at each
stage of the “information lifecycle” (i.e., collection, use, retention, processing,
disclosure and destruction) affect individual privacy.


There is a moderate risk to the privacy of individuals due to the sensitive nature and 
volume of PII maintained in the system. GRB is undergoing a formal Assessment and 
Authorization for issuance of an authority to operate in accordance with the Federal 
Information Security Modernization Act (FISMA) and National Institute of Standards 
and Technology (NIST) guidelines. GRB has been rated as a moderate system requiring 
strict security and privacy controls to protect the confidentiality, integrity, and 
availability of data in the system. As part of the continuous monitoring program, 
continuous auditing will occur on the system to identify and respond to potential impacts 
to the PII collected and used within the system. 


There is a risk that GRB may collect more PII than necessary. HR Benefits Specialists
enter into the GRB system only the PII necessary to provide an accurate calculation of
retirement benefit and annuity estimates to DOI employees. HR Benefits Specialists may
require an employee to provide the last four digits of their SSN for common-name
identification purposes only. Child or dependent information may be required in instances
of employee death in service; however, a dependent’s SSN is not required to produce an
estimate calculation. Employee PII used in GRB is manually sourced from the DOI FPPS
and OPM eOPF systems to calculate employee retirement benefits.


There is a risk that PII will be used outside of the scope of initial collection for an
unauthorized purpose. Employee PII in GRB is used only for retirement benefit and
annuity calculation. Retirement estimates are shared only with the requesting DOI
employee. Each Bureau/Office HR Benefits Specialist is required to take role-based
training on how to protect DOI employee PII, including the required annual
Cybersecurity, Privacy Awareness, Records Management and Controlled Unclassified
Information (CUI) training, and to sign the DOI Rules of Behavior.


There is a risk that unauthorized individuals may be able to access data stored in the GRB
information system. Access to GRB is limited to a small group of authorized HR
Benefits Specialists within each bureau/office who provide retirement benefit estimates.
Each authorized GRB Bureau Privileged Licensed Administrator is responsible for
managing user accounts and can view a list of users in the GRB User Management screen
area, including username, email, display name, role name, and enabled (active) and
disabled users. Each Bureau Licensed Administrator reviews the GRB Access List(s) no
less than quarterly, or in the event of a termination, and is responsible for working with
their Bureau Associate Privacy Officer to address all privacy requirements. This process
includes reviewing the employment status of each individual on the GRB access list, their
position description, and their access privileges.


There is a risk that retirement estimates printed on shared printers within some DOI
bureaus and offices may be viewed by unintended individuals. For bureaus and offices
with shared printers, a PIN code must be entered at the printer before the retirement
estimate output is printed, ensuring that only the intended individuals can view the
documents.


There is a risk that retirement annuity computation and estimate results sent through
email may contain sensitive PII. HR Benefits Specialists redact PII from estimates and/or
encrypt PDF versions of the document before sending it to the requesting DOI employee’s
official or personal email. Only the employee name is shown on the Retirement Annuity
estimate report, and the employee date of birth is redacted. The intended annuitant or their
beneficiaries are also provided with a password, either by phone or email, to access their
computation estimates. Retirement annuity estimate results can also be requested by
telephone or in person.


There is a risk that DOI employees may not have adequate notice on how their PII may 
be used. Privacy notice is provided through the publication of this privacy impact 
assessment. Notice is also provided through the Privacy Act Statements provided on 
OPM and bureau/office forms, and the published INTERIOR/DOI-85, Payroll, 
Attendance, Retirement and Leave Records and OPM/GOVT-1, General Personnel 
Records, SORNs which may be viewed at https://www.doi.gov/privacy/sorn. These 
notices provide information to individuals on how their PII will be used and shared and 
how they may seek notification, access, or amendment of their records. Notice is also 
provided by HR personnel during retirement counseling sessions. 


There is a risk that PII collected by this system may be retained longer than necessary. 
Records are maintained and disposed of under a NARA approved records schedule. 
Information collected and stored within GRB is maintained, protected, and destroyed in 
compliance with all applicable Federal laws, Executive Orders, directives, policies, 
regulations, standards, and operational requirements. 


Section 4. PIA Risk Review 


A. Is the use of the data both relevant and necessary to the purpose for which the 
system is being designed? 


[X] Yes:


The system produces retirement calculations, death benefits, and service computation
date calculations, which are part of the stated purpose in Section 1.B above. The PII
collected is relevant and necessary to identify the requesting employee and to accomplish
the purpose.


[ ] No


B. Does this system or electronic collection derive new data or create previously
unavailable data about an individual through data aggregation?


[ ] Yes:

[X] No

C. Will the new data be placed in the individual’s record?
[ ] Yes:

[X] No


D. Can the system make determinations about individuals that would not be possible
without the new data?


[ ] Yes:
[X] No


The data analysis that is conducted and produced on the reports will identify the
employee’s appropriate Service Computation Date for leave and Retirement estimate.


E. How will the new data be verified for relevance and accuracy?
The GRB does not produce new data. 

F. Are the data or the processes being consolidated?

[ ] Yes, data is being consolidated.

[ ] Yes, processes are being consolidated.


[X] No, data or processes are not being consolidated.
G. Who will have access to data in the system or electronic collection? Indicate all that
apply.


[X] Users
[ ] Contractors
[ ] Developers


[X] System Administrator (Benefits Specialists)
[X] Other:


Each DOI GRB Bureau Licensed Administrator with an elevated role manages and
implements functions such as account creation, modification, enabling, and removal for
all HR Benefits Specialist user accounts for their bureau.


Bureau HR Benefits Specialists are the end users of the GRB system, providing retirement
benefit and annuity estimates to bureau employees.


DOI HR Assistants have a limited role to only provide Service Computation Dates. 


The GRB vendor provides system maintenance services; however, it does not have
access to the PII.


H. How is user access to data determined? Will users have access to all data or will 
access be restricted? 


Each bureau has its own instance of GRB, and its usage is limited to the bureau’s HR
Benefits/Retirement Specialists. HR Benefits staff members have access to GRB as their
official duties require. Bureau/Office administrators are responsible for controlling and
monitoring access of authorized employees. User access to this system is limited to
authorized HR Benefits Specialist personnel only, to access, view, and input data into the
GRB system.


GRB system access is controlled by the HR Benefits Specialist Licensed Administrator 
with an elevated role such as an HR Manager within each Bureau’s Human Resources 
Office. Bureau Benefit/Retirement Specialists are provided full access to the system in 
order to run various types of estimates. HR Assistants are provided limited access to 
calculate service computation dates only and are unable to access all retirement 
information. 
I. Are contractors involved with the design and/or development of the system, or will
they be involved with the maintenance of the system?


[X] Yes.


Each DOI Bureau/Office has included Privacy Act clauses in their contract with GRB 
Inc. 


[ ] No


J. Is the system using technologies in ways that the DOI has not previously employed
(e.g., monitoring software, SmartCards or Caller ID)?


[ ] Yes.

[X] No

K. Will this system provide the capability to identify, locate and monitor individuals?
[X] Yes.

GRB monitors HR Benefits Specialists and assistants, who are the only officials that can
access the system. The audit records contain information on the activities performed
while using the system, such as duration, number of bytes received and sent, etc.


[ ] No


L. What kinds of information are collected as a function of the monitoring of
individuals?


The GRB Platform generates audit records that contain the following information: 
session, connection, transaction, or activity duration; for client-server transactions, the 
number of bytes received, and bytes sent; additional informational messages to diagnose 
or identify the event; characteristics that describe or identify the object or resource 
accessed. 
M. What controls will be used to prevent unauthorized monitoring?


GRB tracks user logon and logoff events, reports success/failure of any local or remote 
access-based logon, object access, policy change, privilege use, process tracking, and 
system events. Auditable events are reviewed and updated at least annually. 


N. How will the PII be secured?


(1) Physical Controls. Indicate all that apply. 


[X] Security Guards

[ ] Key Guards

[X] Locked File Cabinets
[X] Secured Facility

[X] Closed Circuit Television
[ ] Cipher Locks

[X] Identification Badges
[ ] Safes

[ ] Combination Locks
[X] Locked Offices

[ ] Other. Describe


(2) Technical Controls. Indicate all that apply. 


[X] Password

[X] Firewall

[X] Encryption

[X] User Identification

[ ] Biometrics

[X] Intrusion Detection System (IDS)

[X] Virtual Private Network (VPN)

[X] Public Key Infrastructure (PKI) Certificates
[X] Personal Identity Verification (PIV) Card
[ ] Other. Describe


(3) Administrative Controls. Indicate all that apply. 


[X] Periodic Security Audits
[X] Backups Secured Off-site.
[X] Rules of Behavior

[X] Role-Based Training

[X] Regular Monitoring of Users’ Security Practices

[X] Methods to Ensure Only Authorized Personnel Have Access to PII
[X] Encryption of Backups Containing Sensitive Data

[X] Mandatory Security, Privacy and Records Management Training
[ ] Other. Describe


O. Who will be responsible for protecting the privacy rights of the public and 
employees? This includes officials responsible for addressing Privacy Act 
complaints and requests for redress or amendment of records. 


The Director, Human Resource Information Systems, within the Office of the Secretary 
serves as the GRB Information System Owner and the official responsible for oversight 
and management of security controls and the protection of agency information processed 
and stored in GRB. Each bureau GRB Licensed Administrator is responsible for 
ensuring the security of data maintained in GRB, and for meeting privacy and security 
requirements within their organization. The Information System Owner, Information 
System Security Officer and Privacy Act system managers are responsible for addressing 
privacy rights and complaints, and ensuring adequate safeguards are implemented to 
protect individual privacy in compliance with Federal laws and policies for the data 
managed and stored in GRB, in consultation with the Bureau and Office Associate 
Privacy Officers. 


P. Who is responsible for assuring proper use of the data and for reporting the loss, 
compromise, unauthorized disclosure, or unauthorized access of privacy protected 
information? 


The GRB Information System Owner is responsible for daily operational oversight and 
management of the system’s security and privacy controls, for ensuring to the greatest 
possible extent that the data is properly managed and that all access to the data has been 
granted in a secure and auditable manner. The GRB Information System Owner and 
Information System Security Officer are responsible for ensuring that any loss, 
compromise, unauthorized access or disclosure of PII is reported to DOI-CIRC, DOI’s 
incident reporting portal, and appropriate DOI privacy officials in accordance with DOI 
policy and established procedures. 


Each bureau Licensed Administrator is responsible for ensuring the security of data 
maintained in GRB, and for meeting privacy and security requirements within their 
organization and immediately reporting any potential compromise of data in accordance 
with Federal policy and the DOI Privacy Breach Response Plan. 